Commit 9298694f authored by m33m33's avatar m33m33

update

parent e76cf351
......@@ -17,17 +17,23 @@ CHANGED_ALERT=1
ADDED_ALERT=1
# Set to 1 to run automatic aide update after execution (not recommended)
AIDE_UPDATE=0
# Database file full path, neede if we run aide --update
AIDE_DB=/var/lib/aide/aide.db.gz
AIDE_DBNEW=/var/lib/aide/aide.db.new.gz
# You may want to point to a specific aide configuration file, depending on your setup and distribution
AIDE=aide
AIDE_BIN="aide "
AIDE_UPDATE_OPTS=" --verbose=3 --update "
if [ -f "/etc/debian_version" ]; then
AIDE="aide -c /etc/aide/aide.conf"
AIDE_CONF=" --config=/etc/aide/aide.conf "
fi
if [ -f "/etc/redhat-release" ]; then
AIDE="aide -c /etc/aide.conf"
AIDE_CONF=" --config=/etc/aide.conf "
fi
AIDE=$AIDE_BIN$AIDE_CONF
# Nothing to be modified below this line
########################################################################
VERSION=20200501
MYHOST=`hostname`
MYIP=`hostname -i`
ALERTRV=0
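Review bot: `AIDE_BIN="aide "` still resolves the integrity checker through PATH, so when this runs unattended (presumably from cron) the binary actually executed is whatever that environment's PATH yields; for a tool whose job is detecting tampering, pin an absolute path or resolve it once up front and abort if it is missing, e.g. `AIDE_BIN="$(command -v aide) "` followed by an explicit emptiness check. The `AIDE=aide` assignment above the distribution checks is dead, since `AIDE=$AIDE_BIN$AIDE_CONF` overwrites it unconditionally, and on a host that is neither Debian nor Red Hat `AIDE_CONF` is never assigned, so the command degrades silently to bare `aide` with its compiled-in config path — worth a comment such as `# Other distributions: AIDE_CONF stays empty and aide's built-in config path is used`. The assembled `$AIDE` is later expanded unquoted (`$AIDE --help`, `$AIDE --check`) and depends on word splitting, which only works because neither config path contains whitespace; either document that constraint next to `AIDE_CONF` or hold the command in an array and expand it as `"${AIDE_CMD[@]}"`.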
......@@ -44,10 +50,6 @@ if [ $? -ne 0 ]; then
exit 10
fi
if [ -f /etc/devian_version ]; then
# aide needs explicit config
AIDE="aide -c /etc/aide/aide.conf "
fi
$AIDE --help 1>/dev/null 2>&1
if [ $? -ne 0 ]; then
echo "Error: you need AIDE to watch for system changes, and to setup AIDE on first use"
......@@ -56,7 +58,8 @@ if [ $? -ne 0 ]; then
fi
# Prepare a nice mail report
echo "AIDE check report for: $MYHOST ($MYIP)" > $TMP.mailReport
echo "aideCheck.sh has sent you and AIDE report for: $MYHOST ($MYIP)" > $TMP.mailReport
echo " ">> $TMP.mailReport
# Run a diagonstic, this can take some time and CPU, be nice
nice $AIDE --check > $TMP
......@@ -89,10 +92,27 @@ if [ $nbLines -ne 0 ]; then
echo " " >> $TMP.mailReport
if [ $AIDE_UPDATE -eq 1 ]; then
echo " " >> $TMP.mailReport
echo "Running aide --update to refresh the baseline. Warning : you may miss important alerts, you should not use this setting in production" >> $TMP.mailReport
nice $AIDE --update 1>>$TMP.mailReport 2>&1
nice $AIDE $AIDE_UPDATE_OPTS 1>>$TMP.mailReport 2>&1
if [ ! -f $AIDE_DB ] || [ ! -f $AIDE_DBNEW ]; then
echo "Can't update databse, current or new update missing" >> $TMP.mailReport
else
mv -v -f $AIDE_DBNEW $AIDE_DB 1>> $TMP.mailReport 2>&1
if [ $? -ne 0 ]; then
echo "Error: can't swap old and new database" >> $TMP.mailReport
fi
fi
fi
echo " " >> $TMP.mailReport
echo " " >> $TMP.mailReport
echo " " >> $TMP.mailReport
echo "=END=v$VERSION==============================================" >> $TMP.mailReport
cat $TMP.mailReport
# send the alert if needed
if [ "x$MAIL\x" != "x\x" ]; then
cat $TMP.mailReport | mutt -a $TMP -s "[aideCheck.sh] Alert for $MYHOST, suspicious changes detected" -- $MAIL
......